DETAILED ACTION

1. Applicant's response filed on April 7, 2006 has been carefully considered. 
Claims 1-25 are pending. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-2, 11-13, 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sit et al. (U.S. Patent No.: 6,349,336 B1) in view of Underwood (U.S. 
Patent No.: 6,718,535 B1). 

Referring to claim 1 : 

i. Sit et al. teach: 

A secure system for transferring data, the system comprising: 

A client system (see e.g. figure 5, item 314I; and column 7, lines
17-19 of Sit et al.);

A server (see e.g. figure 5, item 308E; and column 7, lines 19-22 of
Sit et al.);

A secure system interposed between the client system and the 
server for controlling communications between the client system and the server, the 
security system including: 

A first proxy system (see e.g. figure 5, item 306 of Sit et al.) and a
second proxy system (see e.g. figure 5, item 312 of Sit et al.), the first proxy system 
coupled between the client system and the second proxy system (see e.g. figure 5, 
items 308I, 306, 312; and column 7, lines 15-25 of Sit et al.) and the second proxy 
system coupled between the server and the first proxy system (see e.g. figure 5, item 
308E, 312, 306 of Sit et al.); 

A firewall coupled between the first proxy system and the second 
proxy system (see figure 5, items 312, 305, 306 of Sit et al.), firewall restricting data flow 
between the first proxy system and the second proxy system to outbound communications
(see figure 5, item 305; and column 7, lines 26-28 of Sit et al.). 

However, Sit et al. do not specifically mention using a single port on 
the firewall. Sit et al. also do not specifically mention that the system supports file 
transfer protocol (FTP). 

ii. Underwood teaches a system for providing an activity framework 
wherein the system funnels all traffic through a single port on the firewall instead of 
using a different port number for each application (see column 280, lines 35-38 of 
Underwood). Underwood further discloses that proxy services are specialized 
applications or server programs that run on a firewall host, which take users' requests 
for Internet services (such as FTP and TELNET) and forward them, as appropriate 
according to the site's security policy, to the actual services. The proxies provide 
replacement connections and act as gateways to the services. For this reason, proxies 
are sometimes known as Application Level Gateways (see column 104, lines 65-67; and 
column 105, lines 1-5 of Underwood). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Underwood into the system 
of Sit et al. to use a single port on the firewall. It would have been obvious to a person 
of ordinary skill in the art at the time the invention was made to combine the teaching of 
Underwood into the system of Sit et al. to support FTP. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Underwood into the system of Sit et al. to use a single port on 
the firewall, because it's well-known in the art of the computer network that using a
single port on the firewall, instead of opening multiple ports, increases the security of 
the network. The ordinary skilled person would have been motivated to have applied 
the teaching of Underwood into the system of Sit et al. to support FTP, because most 
application gateway firewalls provide proxy service for the most common Internet 
protocols, such as FTP, HTTP, HTTPS, etc. (see column 278, lines 13-15 of 
Underwood). 

Referring to claim 2 : 

Sit et al. and Underwood teach the claimed subject matter: a secure 
system for transferring data (see claim 1 above). Sit et al. further disclose that the client 
system will send the request to the first proxy system. The first proxy system will 
forward the request to the second proxy system, via the single port in the firewall, and 
the second proxy system will establish a connection with the server (see e.g. figure 5, 
items 308I, 306, 305, 312, 308E; and column 7, lines 34-40 of Sit et al.). 

Referring to claim 11 : 

Sit et al. and Underwood teach the claimed subject matter: a secure 
system for transferring data (see claim 1 above). Sit et al. further disclose the system 
comprising a plurality of clients and a plurality of servers to transfer data through the 
single port in the firewall (see figure 5, items 310I, 308I, 314I, 316I, 310E, 308E, 314E,
316E; and column 7, lines 15-25 of Sit et al.).

Referring to claim 12 : 

This claim has limitations which are similar to those of claim 1, thus it is
rejected with the same rationale applied against claim 1 above. 

Referring to claim 13 : 

This claim has limitations which are similar to those of claim 2, thus it is
rejected with the same rationale applied against claim 2 above. 

Referring to claim 25 : 

This claim has limitations which are similar to those of claim 11, thus it is
rejected with the same rationale applied against claim 11 above.

4. Claims 3-4, 14-15 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Sit et al. (U.S. Patent No. 6,349,336) in view of Underwood (U.S. 
Patent No.: 6,718,535 B1), and further in view of Fan et al. (U.S. Patent No. 
6,219,706). 

Referring to claim 3 : 

i. Sit et al. and Underwood teach the claimed subject matter: a 
secure system for transferring FTP data (see claim 1 above). However, Sit et al. and 
Underwood are silent about the command (or control) channel in FTP data transfer.

ii. Fan et al. teach a control channel. The control channel is used to 
initiate the FTP (File Transfer Protocol) connection between the client and the server 
(see column 2, lines 12-14 of Fan et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to apply the teaching of Fan et al. into the system of Sit 
et al. and Underwood to use the command (or control) channel in FTP data transfer. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Fan et al. into the system of Sit et al. and Underwood to use the 
command (or control) channel in FTP data transfer, so as to protect sensitive resources 
such as engineering workgroup server or financial databases from unauthorized users 
(see column 1, lines 24-26 of Fan et al.).

Referring to claim 4 : 

i. Sit et al. and Underwood teach the claimed subject matter: a 
secure system for transferring FTP data (see claim 1 above). However, Sit et al. and 
Underwood are silent about transferring a representation of a socket from server to the 
client. 

ii. Fan et al. disclose the process of setting up a FTP data connection. 
Via the control channel mentioned in claim 3, the client and server negotiate a port 
number for data channel (see column 2, lines 14-17 of Fan et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at
the time the invention was made to apply the teaching of Fan et al. into the system of Sit 
et al. and Underwood to transfer a representation of a socket from the server to the 
client. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Fan et al. into the system of Sit et al. and Underwood to transfer 
a representation of a socket from the server to the client, so as to protect sensitive 
resources such as engineering workgroup server or financial databases from 
unauthorized users (see column 1, lines 24-26 of Fan et al.). 

Referring to claim 14 : 

This claim has limitations which are similar to those of claim 3, thus it is
rejected with the same rationale applied against claim 3 above.

Referring to claim 15 :

This claim has limitations which are similar to those of claim 4, thus it is
rejected with the same rationale applied against claim 4 above. 



5. Claims 5-10, 16-24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sit et al. (U.S. Patent No. 6,349,336) in view of Underwood (U.S. 
Patent No.: 6,718,535 B1), further in view of Fan et al. (U.S. Patent No. 6,219,706), 
and further in view of Albert et al. (U.S. Patent No. 6,687,222). 

Referring to claim 5 : 

i. Sit et al., Underwood and Fan et al. teach the claimed subject 
matter: a secure system for transferring FTP data (see claim 4 above). However, they 
do not teach modifying the IP address in the socket. 

ii. Albert et al. teach to modify the IP address of the host in a packet 
before forwarding the packet on to client (see figure 3A, item 302; and column 12, lines 
29-33 of Albert et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at
the time the invention was made to apply the teaching of Albert et al. into the system of 
Sit et al., Underwood and Fan et al. to modify the IP address of the host in a packet 
before forwarding the packet to the client. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Albert et al. into the system of Sit et al., Underwood and Fan et 
al. to modify the IP address of the host in a packet before forwarding the packet to the 
client, thus enabling a device that is protected by a firewall to be controlled by a device 
external to the firewall (see column 1, lines 10-12 of Sit et al.).

Referring to claim 6 : 

Sit et al., Underwood, Fan et al. and Albert et al. teach the claimed subject 
matter: a secure system for transferring FTP data (see claim 4 above). Sit et al. further 
disclose that the client system transmits a request through said security system for data 
located on the server (see figure 5, items 308I, 306; and column 7, lines 34-40 of Sit et al.).

Referring to claim 7 : 

Sit et al., Underwood, Fan et al. and Albert et al. teach the claimed subject 
matter: a secure system for transferring FTP data (see claim 4 above). Sit et al. further 
disclose that the first proxy server forwards the request to the second proxy server via 
the single port on the firewall, and on to the data server (see figure 5, items 306, 305, 
312, 308E; and column 7, lines 34-40 of Sit et al.). 

Referring to claim 8 : 

This claim has limitations which are similar to those of claim 5, thus it is
rejected with the same rationale applied against claim 5 above. 

Referring to claim 9 : 

Sit et al., Underwood, Fan et al. and Albert et al. teach the claimed subject 
matter: a secure system for transferring FTP data (see claim 4 above). Sit et al. further 
disclose that the server transmits data through said security system to first proxy (see 
e.g. figure 5, items 308E, 312, 305, 306; and column 7, lines 34-40 of Sit et al.).

Referring to claim 10 :

Sit et al., Underwood, Fan et al. and Albert et al. teach the claimed subject
matter: a secure system for transferring FTP data (see claim 4 above). Sit et al. further
disclose that the first proxy transmits data to the client system (see e.g. figure 5, items
306, 308I; and column 7, lines 34-40 of Sit et al.).

Referring to claims 16, 17, 18 :

These claims have limitations which are similar to those of claim 5, thus
they are rejected with the same rationale applied against claim 5 above.

Referring to claims 19, 22 :

These claims have limitations which are similar to those of claim 6, thus
they are rejected with the same rationale applied against claim 6 above.

Referring to claim 20 :

This claim has limitations which are similar to those of claim 7, thus it is
rejected with the same rationale applied against claim 7 above.

Referring to claim 21 :

This claim has limitations which are similar to those of claim 8, thus it is
rejected with the same rationale applied against claim 8 above.

Referring to claim 23 :

This claim has limitations which are similar to those of claim 9, thus it is
rejected with the same rationale applied against claim 9 above.

Referring to claim 24 :

This claim has limitations which are similar to those of claim 10, thus it is
rejected with the same rationale applied against claim 10 above.



6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

(a) Schoettger (U.S. Pub. No.: 2002/0069366 A1) discloses a method for 
providing an external client access to a device that is protected by a firewall. 

(b) Fangman et al. (U.S. Pub. No.: 2002/0141352 A1) disclose a system 
for IP telephony. 

(c) Do (U.S. Pub. No.: 2002/0007338 A1) discloses a method for
conducting bidding sessions in various methods to arrive at the highest or lowest price. 

(d) Fangman et al. (U.S. Pub. No.: 2002/0141352 A1) disclose a system 
for IP configuring an IP telephony device. 



Response to Arguments 

7. Applicant's arguments filed April 7, 2006 have been fully considered but 
they are not persuasive. 

a. Applicant argues: 

"Individually or in combination, Sit and Underwood do not disclose (i)
"restricting [FTP] data flow between said first proxy system and said second proxy
system to outbound communications through a single port on said firewall" or (ii)
"restricting all flow of FTP data passing through said security system through a single
port on said firewall."" (see page 3, Applicant Arguments/Remarks)

Examiner maintains: 

Sit et al. disclose that "A computer system 300 includes a firewall 305 
interposed between components on an internal side 302 of firewall 305 and an external 
side 304 of firewall 305. Internal side 302 includes a proxy agent 306 to which is 
coupled a Web server 308I, a browser 314I and an application 316I. Likewise, external
side 304 includes a reverse proxy 312 to which is coupled a Web server 308E, a
browser 314E and an application 316E. On the internal side 302, firewall 305 is
connected to proxy agent 306, on the external side 304, firewall 305 is connected to 
reverse proxy 312 via a computer network 301 such as the Internet. Firewall 305 
protects devices on the internal side 302 from unwanted communications originating 
with devices on the external side 304. 

Reverse proxy agent 306 forms an interface between firewall 305 and
one or more Web servers 308I. Each Web server 308I communicates with the one or
more personal computers (PCs) 310I. Each PC 310I incorporates a communication
program that conforms to the HTTP protocol. Reverse proxy agent 306 is responsible
for interfacing each Web server 308I to firewall 305. Reverse proxy agent 306
(hereafter "agent") initiates a connection, in response to a request received from a Web
server 308I, through the firewall to a reverse proxy device 312 positioned on the
external side 304 of firewall 305. This connection is kept open until the user closes the 
connection. 

Another function of agent 306 is to extract browser requests that are 
received over the connection from external components and to forward them to an 
appropriate Web server 308I. For example, agent 306 makes requests to Web server 
308I on behalf of a browser 314E that is located on external side 304 of firewall 305. A 
further function of agent 306 is to encode responses received from Web server 308I as 
a request, so as to assure that a subsequent response from browser 314E is passed by 
firewall 305. 

Reverse proxy 312 also functions to "wrap" requests received from one or 
more browsers 314E by code which is recognized by firewall 305 as a response rather 
than as a request, which would be blocked by firewall 305. Reverse proxy 312 also 
maintains the states of each connection, and remembers which agents, such as agent 
306, have initiated connections with it so that it knows what servers, such as Web 
server 308I, are accessible. Similarly, reverse proxy 312 remembers which browsers, 
such as browser 314E, have opened connections with it. Reverse proxy 312, in a
similar manner to agent 306, converts received requests from browser 314E into 
responses and agent 306 performs the reverse function of converting responses 
received from reverse proxy 312 into requests which are then and dispatched to the 
indicated Web server 308I. In the reverse direction, agent 306 converts a response 
received from a Web server 308I into a request and dispatches that request via firewall 
305 to reverse proxy device 312. Upon receipt of the request, reverse proxy 312 
"unwraps" the response and dispatches it to the appropriate browser 314E." (see figure
5; and column 7, line 15, through column 8, line 2 of Sit et al.) 

Sit et al. further disclose that "Note that the designation of components as 
being internal or external is merely one of perspective. Communication can also be 
established between a PC 310E coupled to Web server 308E, and browser 314I. In
such a case, the functions of PC 310E, Web server 308E and browser 314I are similar
to those of PC 310I, Web server 308I and browser 314E, respectively, as described
above, and the functional roles of agent 306 and reverse proxy 312 are reversed." (see 
figure 5; and column 8, lines 13-20 of Sit et al.) 

It's well known in the art that HTTP communications use single port 80. 

Therefore, Sit et al. disclose (i) restricting HTTP data flow between said 
first proxy system [i.e., see figure 5, element 306 of Sit et al.] and said second proxy 
system [i.e., see figure 5, element 312 of Sit et al.] to outbound communications through 
a single port on said firewall [i.e., see figure 5, element 305 of Sit et al.] or (ii) restricting 
all flow of HTTP data passing through said security system through a single port on said 
firewall [i.e., see figure 5, element 305 of Sit et al.]. 

However, Sit et al. do not specifically mention File Transfer Protocol (FTP)
data.

On the other hand, Underwood discloses that "Proxy Services are 
specialized applications or server programs that run on a firewall host, which take users' 
requests for Internet services (such as ftp and telnet) and forward them, as appropriate
according to the site's security policy, to the actual services. The proxies provide 
replacement connections and act as gateways to the services. For this reason, proxies 
are sometimes known as Application Level Gateways." (see column 104, line 65, 
through column 105, line 5 of Underwood, emphasis added) 

Underwood further discloses that "File Transfer services enable the 
sending and receiving of files or other large blocks of data between two resources. In 
addition to basic file transport, features for security, guaranteed delivery, sending and 
tracking sets of files, and error logging may be needed if a more robust file transfer 
architecture is required." (see column 115, lines 30-35 of Underwood) 

Underwood furthermore discloses that "HTTP can be thought of as a
lightweight file transfer protocol optimized for transferring small files" (see column 115,
lines 42-43 of Underwood, emphasis added)

It would have been obvious to a person of ordinary skill in the art at the 
time the invention was made to apply the teaching of Underwood into the system of Sit 
et al. to transfer FTP data. 

The ordinary skilled person would have been motivated to have applied 
the teaching of Underwood into the system of Sit et al. to transfer FTP data, since Proxy
Services are specialized applications or server programs that run on a firewall host,
which take users' requests for Internet services (such as ftp and telnet) and forward
them, as appropriate according to the site's security policy, to the actual services (see
column 104, line 65, through column 105, line 2 of Underwood), and also because
HTTP can be thought of as a lightweight file transfer protocol optimized for transferring
small files (see column 115, lines 42-43 of Underwood) while FTP (File Transfer
Protocol) can be used for transferring regular size files or large files. Therefore, there is
a clear motivation to apply the teaching of Underwood into the system of Sit et al. so 
that the system can support different types of file transfer protocols. 

b. Applicant argues: 

"(2) There Is No Suggestion or Motivation to Combine or Modify Sit and
Underwood." (see page 9, Applicant Arguments/Remarks)

Examiner maintains: 
See Examiner's answer in (a). 

c. Underwood does not disclose this "single port" feature as presently 
claimed (see page 4, Applicant Arguments/Remarks) 

Examiner maintains: 

Sit et al. disclose (i) restricting HTTP data flow between said first proxy 
system [i.e., see figure 5, element 306 of Sit et al.] and said second proxy system [i.e., 
see figure 5, element 312 of Sit et al.] to outbound communications through a single 
port on said firewall [i.e., see figure 5, element 305 of Sit et al.] or (ii) restricting all flow
of HTTP data passing through said security system through a single port on said firewall 
[i.e., see figure 5, element 305 of Sit et al.]. (See Examiner's answer in (a)). Since 
Examiner's primary reference Sit et al. already disclose using the single port feature on 
the firewall, Examiner mainly uses Underwood reference for the FTP feature. 
Nonetheless, Examiner appreciates and checks the RFC-2647 and RFC-1928 
documents attached in the Amendments by Applicant. 



Conclusion 

8. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is 
not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Joseph Pan whose telephone number is 571-272-5987.

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 571-273-8300.

Any inquiry of a general nature or relating to the status of this application
or proceeding should be directed to the receptionist whose telephone number is 571-272-2100.



Joseph Pan 
June 22, 2006 